
Still Infected With Malware? (Thread on hold)

Discussion in 'Malware Removal Help' started by Shane-S, Nov 17, 2009.

  1. Shane-S

    Shane-S, Junior Member (Joined: Nov 16, 2009 | Messages: 8 | Computer Brand or Motherboard: Dell | CPU: Intel Pentium 4 | Memory: 1 GB)

    Hi,

    I have had some malware problems that my aunt said came from using the P2P software. She uninstalled all of it and sent me here for help. I would really appreciate anything that you can do with my computer. I won't be using torrents again so please, will you help me? Thank you for anything you can do for me.

    Shane

    SAS Quick Scan
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    Generated 11/16/2009 at 10:22 PM
    Application Version : 4.30.1004
    Core Rules Database Version : 4279
    Trace Rules Database Version: 2156
    Scan type : Quick Scan
    Total Scan Time : 00:42:41
    Memory items scanned : 626
    Memory threats detected : 0
    Registry items scanned : 629
    Registry threats detected : 7
    File items scanned : 8209
    File threats detected : 17
    Adware.URLBlaze
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
    C:\PROGRAM FILES\KENSINGTON\MOUSEWORKS\IE_KMW.DLL
    HKU\S-1-5-21-1823778422-1375979268-1435363849-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
    Adware.Tracking Cookie
    C:\Documents and Settings\Shane\Cookies\shane@atdmt[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@doubleclick[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@s.clickability[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@crossmediaservices[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@adbrite[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@revsci[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@insightexpressai[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@stats.crossmediaservices[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@collective-media[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@ads.revsci[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@richmedia.yahoo[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@amlocalhost.trymedia[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@fastclick[2].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@track.bestbuy[1].txt
    C:\Documents and Settings\Lisa Forko\Cookies\lisa__forko@www.clickmanage[2].txt

    Malwarebytes Scan

    Malwarebytes' Anti-Malware 1.41
    Database version: 3185
    Windows 5.1.2600 Service Pack 3
    11/17/2009 6:25:59 AM
    mbam-log-2009-11-17 (06-25-59).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 263743
    Time elapsed: 2 hour(s), 47 minute(s), 51 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.


    Root Repeal

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/11/17 06:55
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP Media Center Edition SP3
    ==================================================
    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xAA022000 Size: 98304 File Visible: No Signed: -
    Status: -
    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7AC5000 Size: 8192 File Visible: No Signed: -
    Status: -
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xA98FA000 Size: 49152 File Visible: No Signed: -
    Status: -
    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!
    Path: c:\windows\temp\perflib_perfdata_7b0.dat
    Status: Allocation size mismatch (API: 16384, Raw: 0)
    Path: c:\documents and settings\shane\local settings\temp\~df103e.tmp
    Status: Allocation size mismatch (API: 16384, Raw: 0)
    Path: c:\documents and settings\shane\local settings\temp\~df2b4a.tmp
    Status: Allocation size mismatch (API: 131072, Raw: 16384)
    Path: C:\Documents and Settings\Shane\Local Settings\Apps\2.0\OJOYY7Z6.G3A\5431ZRX4.4JR\manifests\clickonce_bootstrap.exe.cdf-ms
    Status: Locked to the Windows API!
    Path: C:\Documents and Settings\Shane\Local Settings\Apps\2.0\OJOYY7Z6.G3A\5431ZRX4.4JR\manifests\clickonce_bootstrap.exe.manifest
    Status: Locked to the Windows API!
    SSDT
    -------------------
    #: 012 Function Name: NtAlertResumeThread
    Status: Hooked by "<unknown>" at address 0x86bfdf08
    #: 013 Function Name: NtAlertThread
    Status: Hooked by "<unknown>" at address 0x85dcfba8
    #: 017 Function Name: NtAllocateVirtualMemory
    Status: Hooked by "<unknown>" at address 0x868efc90
    #: 031 Function Name: NtConnectPort
    Status: Hooked by "<unknown>" at address 0x86bff558
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa412020
    #: 043 Function Name: NtCreateMutant
    Status: Hooked by "<unknown>" at address 0x85ddd140
    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "<unknown>" at address 0x86f7d1d0
    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "<unknown>" at address 0x86fdf1e0
    #: 053 Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0x869088a0
    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "<unknown>" at address 0x868f4370
    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa4122a0
    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa412800
    #: 083 Function Name: NtFreeVirtualMemory
    Status: Hooked by "<unknown>" at address 0x85e2ed30
    #: 089 Function Name: NtImpersonateAnonymousToken
    Status: Hooked by "<unknown>" at address 0x85dc4288
    #: 091 Function Name: NtImpersonateThread
    Status: Hooked by "<unknown>" at address 0x869083d0
    #: 108 Function Name: NtMapViewOfSection
    Status: Hooked by "<unknown>" at address 0x86906b88
    #: 114 Function Name: NtOpenEvent
    Status: Hooked by "<unknown>" at address 0x869280a0
    #: 123 Function Name: NtOpenProcessToken
    Status: Hooked by "<unknown>" at address 0x86c03220
    #: 125 Function Name: NtOpenSection
    Status: Hooked by "<unknown>" at address 0x868f4430
    #: 129 Function Name: NtOpenThreadToken
    Status: Hooked by "<unknown>" at address 0x85dd2288
    #: 180 Function Name: NtQueueApcThread
    Status: Hooked by "<unknown>" at address 0x86f6bfa8
    #: 186 Function Name: NtReadVirtualMemory
    Status: Hooked by "<unknown>" at address 0x86f6be40
    #: 192 Function Name: NtRenameKey
    Status: Hooked by "<unknown>" at address 0x86fe0238
    #: 206 Function Name: NtResumeThread
    Status: Hooked by "<unknown>" at address 0x86c004d8
    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "<unknown>" at address 0x85dd4ca0
    #: 226 Function Name: NtSetInformationKey
    Status: Hooked by "<unknown>" at address 0x86fdbe70
    #: 228 Function Name: NtSetInformationProcess
    Status: Hooked by "<unknown>" at address 0x8690d708
    #: 229 Function Name: NtSetInformationThread
    Status: Hooked by "<unknown>" at address 0x85ddc2f8
    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa412a50
    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "<unknown>" at address 0x868f5330
    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "<unknown>" at address 0x869387d0
    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xaa1c30b0
    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "<unknown>" at address 0x8690ee38
    #: 267 Function Name: NtUnmapViewOfSection
    Status: Hooked by "<unknown>" at address 0x868ef808
    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "<unknown>" at address 0x85dd3b50
    Stealth Objects
    -------------------
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
    Process: System Address: 0x86c02338 Size: 465
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x869a32e0 Size: 3361
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
    Process: System Address: 0x86bff1a8 Size: 2398
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
    Process: System Address: 0x86c001a8 Size: 1303
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
    Process: System Address: 0x86bff9e8 Size: 286
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x86c05498 Size: 2920
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x869feae8 Size: 168
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
    Process: System Address: 0x86972290 Size: 514
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
    Process: System Address: 0x869fda08 Size: 1135
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x869fd990 Size: 1255
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x869eaa08 Size: 1078
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x869ea990 Size: 1198
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x86962ac8 Size: 455
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x86962a50 Size: 575
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x869629d8 Size: 695
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x86962960 Size: 815
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x869628e8 Size: 935
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x86962870 Size: 1055
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
    Process: System Address: 0x869627f8 Size: 1175
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x86962780 Size: 1295
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x86962708 Size: 1415
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x86962690 Size: 1535
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
    Process: System Address: 0x86962618 Size: 1655
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x869625a0 Size: 1775
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x86962528 Size: 1895
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x869624b0 Size: 2015
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x86962438 Size: 2135
    Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
    Process: System Address: 0x869623c0 Size: 2255
    Shadow SSDT
    -------------------
    #: 307 Function Name: NtUserAttachThreadInput
    Status: Hooked by "<unknown>" at address 0x85a9d530
    #: 383 Function Name: NtUserGetAsyncKeyState
    Status: Hooked by "<unknown>" at address 0x85a97f30
    #: 414 Function Name: NtUserGetKeyboardState
    Status: Hooked by "<unknown>" at address 0x85a9d4b8
    #: 416 Function Name: NtUserGetKeyState
    Status: Hooked by "<unknown>" at address 0x85a97fa8
    #: 460 Function Name: NtUserMessageCall
    Status: Hooked by "<unknown>" at address 0x85a95ea0
    #: 475 Function Name: NtUserPostMessage
    Status: Hooked by "<unknown>" at address 0x85a89ed0
    #: 476 Function Name: NtUserPostThreadMessage
    Status: Hooked by "<unknown>" at address 0x85a89e58
    #: 549 Function Name: NtUserSetWindowsHookEx
    Status: Hooked by "<unknown>" at address 0x85d053c8
    #: 552 Function Name: NtUserSetWinEventHook
    Status: Hooked by "<unknown>" at address 0x86a9a238
    ==EOF==


    OTL logfile created on: 11/17/2009 7:17:36 AM - Run 1
    OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Shane\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 330.58 Mb Available Physical Memory | 32.60% Memory free
    1.63 Gb Paging File | 0.93 Gb Available in Paging File | 56.67% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 19.97 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D50S1X81
    Current User Name: Shane
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Shane\Desktop\RootRepeal\RootRepeal.exe ( )
    PRC - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091116.037\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091116.037\NAVENG.SYS (Symantec Corporation)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
    DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
    DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20091111.001\SymIDSco.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
    DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
    DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
    DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
    DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (sfsync02) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (ICDUSB2) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 8B 75 4D 2D 67 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "AOL Search="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "Welcome to Facebook | Facebook"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledItems: splash@aldreneo.com:2.0.2
    FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:2.0.3
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
    FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:2
    FF - prefs.js..keyword.URL: "AOL Search="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\Lisa Forko\My Documents\REalplayer11\browserrecord
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 16:38:45 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 18:13:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 04:46:18 | 00,000,000 | ---D | M]

    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions
    [2008/08/26 17:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2009/11/15 18:38:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions
    [2009/02/02 19:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/23 20:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
    [2009/10/19 14:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\camifox@altmusictv.com
    [2009/10/19 14:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\chromifox@altmusictv.com
    [2009/10/19 14:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\savesession@noasobi.net
    [2009/10/23 20:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\splash@aldreneo.com
    [2008/07/09 15:25:27 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\aimsearch.xml
    [2009/01/15 09:24:26 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\conduit.xml
    [2009/11/17 05:58:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/06 23:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2008/09/03 16:12:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    [2009/03/13 16:39:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/11/03 16:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2009/11/06 23:34:45 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/11/06 23:34:47 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    [2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2009/11/06 23:34:56 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2008/06/11 21:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2008/02/24 20:05:56 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2008/02/24 20:10:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    [2008/02/24 20:05:20 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    [2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    [2009/11/06 09:19:24 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    [2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB (TmHcmsX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258439391375 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258451344234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (OWS\S) - File not found
    O30 - LSA: Security Packages - (ecurity) - File not found
    O30 - LSA: Security Packages - (Packages) - File not found
    O30 - LSA: Security Packages - (settings...) - File not found
    O30 - LSA: Security Packages - (nd) - File not found
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{5f99cc7d-ab9c-11dd-b706-00132091dda8}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f99cc7d-ab9c-11dd-b706-00132091dda8}\Shell\Auto\command - "" = G:\svchct.exe -- File not found
    O33 - MountPoints2\{5f99cc7d-ab9c-11dd-b706-00132091dda8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/17 06:53:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Desktop\RootRepeal
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Videos
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Music
    [2009/11/17 05:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2009/11/17 04:49:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2009/11/17 04:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
    [2009/11/17 03:03:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/11/17 03:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/11/17 03:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Malwarebytes
    [2009/11/17 03:00:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/11/17 03:00:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/11/17 02:56:35 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/17 02:52:08 | 00,000,000 | ---D | C] -- C:\Inetpub
    [2009/11/17 02:44:38 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/17 02:40:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\PCHealth
    [2009/11/17 02:38:13 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2009/11/17 01:41:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
    [2009/11/17 01:41:01 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
    [2009/11/17 01:41:01 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
    [2009/11/17 01:41:00 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
    [2009/11/17 01:40:38 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
    [2009/11/17 01:39:53 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
    [2009/11/17 01:39:35 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
    [2009/11/17 01:38:47 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
    [2009/11/17 01:38:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
    [2009/11/17 01:38:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
    [2009/11/17 01:38:18 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
    [2009/11/17 01:38:07 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
    [2009/11/17 01:37:50 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
    [2009/11/17 01:37:49 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
    [2009/11/17 01:37:38 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
    [2009/11/17 01:37:32 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
    [2009/11/17 01:37:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
    [2009/11/17 01:37:04 | 10,841,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
    [2009/11/17 01:36:48 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
    [2009/11/17 01:36:29 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
    [2009/11/17 01:36:09 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
    [2009/11/17 01:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Auslogics
    [2009/11/17 01:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2009/11/16 23:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2009/11/16 23:20:53 | 00,000,000 | ---D | C] -- C:\4d49826d1c3ed3d596c5f6a23aa1
    [2009/11/16 23:18:24 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Shane\Recent
    [2009/11/16 23:13:40 | 00,215,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
    [2009/11/16 23:13:39 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2009/11/16 23:12:37 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2009/11/16 23:12:32 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2009/11/16 23:10:31 | 00,000,000 | --SD | C] -- C:\My Documents
    [2009/11/16 23:10:31 | 00,000,000 | ---D | C] -- C:\My Documents\My Pictures
    [2009/11/16 21:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\VSRevoGroup
    [2009/11/16 21:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2009/11/16 21:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/16 21:30:52 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
    [2009/11/11 15:45:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/11/03 16:36:07 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/11/03 16:36:06 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/03/27 15:29:21 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
    [2007/12/14 16:09:02 | 00,217,088 | ---- | C] ( ) -- C:\Documents and Settings\Shane\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
    [2007/08/09 15:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Shane\Local Settings\Application Data\stdole.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/11/17 07:14:00 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Shane\ntuser.dat
    [2009/11/17 06:41:47 | 00,000,000 | ---- | M] () -- C:\settings.dat
    [2009/11/17 04:53:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/17 03:26:50 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/17 03:26:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/11/17 03:26:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/11/17 03:26:36 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/17 03:25:49 | 07,864,320 | -H-- | M] () -- C:\Documents and Settings\Shane\ntuser.bak
    [2009/11/17 03:25:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Shane\ntuser.ini
    [2009/11/17 03:12:37 | 00,000,793 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/11/17 03:12:37 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/11/17 03:12:37 | 00,000,209 | -HS- | M] () -- C:\boot.ini
    [2009/11/17 03:01:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 02:56:36 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/17 02:44:42 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/17 02:35:21 | 01,582,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/17 02:10:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/17 01:29:18 | 00,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 01:26:11 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 23:50:13 | 00,458,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/11/16 23:50:13 | 00,407,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/11/16 23:50:13 | 00,063,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/11/16 23:10:30 | 00,005,018 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/11/16 23:10:30 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2009/11/16 21:48:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/16 21:30:53 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/11 17:36:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/11/08 11:30:14 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/10/26 16:48:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/10/25 19:19:16 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences.dat
    [2009/10/25 19:14:26 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences2.dat
    [2009/10/23 21:33:49 | 00,002,038 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\vba.ini

    ========== Files Created - No Company Name ==========

    [2009/11/17 06:41:47 | 00,000,000 | ---- | C] () -- C:\settings.dat
    [2009/11/17 03:01:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 01:29:18 | 00,000,566 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 01:29:13 | 00,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/17 01:26:10 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 21:48:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:56 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/11 15:48:47 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/05/23 13:37:03 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\6248E5
    [2009/05/23 13:37:02 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\mcs.rma
    [2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/03/28 10:47:36 | 01,575,170 | -H-- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\IconCache.db
    [2009/03/13 16:40:52 | 00,000,482 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2008/10/25 17:52:58 | 00,006,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2008/07/09 20:09:20 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/06 20:42:08 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2008/05/15 21:30:16 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/04/21 18:26:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/04/08 19:23:12 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
    [2008/03/18 14:59:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
    [2008/02/26 22:03:10 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/07/20 11:48:28 | 00,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
    [2007/06/13 17:41:18 | 00,595,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2007/06/13 17:41:09 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
    [2007/04/15 15:14:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
    [2007/04/11 13:46:33 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/01/17 21:35:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2007/01/17 21:20:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2007/01/17 21:20:27 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2007/01/17 21:20:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2006/11/17 23:35:53 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/11/17 23:35:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/14 21:05:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/10/14 21:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/03/20 09:27:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/03/19 12:52:46 | 00,005,664 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    [2006/03/19 12:30:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/03/10 20:45:47 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/04 15:25:29 | 00,080,472 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/12/10 18:02:04 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/12/10 18:02:04 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2005/12/04 16:34:13 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JPR.{PB
    [2005/12/04 16:34:13 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JCM.{PB
    [2005/12/04 16:20:21 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2005/12/03 18:06:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Shane\Application Data\desktop.ini
    [2005/12/03 18:06:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\fusioncache.dat
    [2005/12/03 16:21:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2005/11/28 19:23:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/28 19:13:03 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/28 19:11:58 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\MFC71.DLL
    [2005/11/28 18:43:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/30 11:08:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2005/08/30 11:08:46 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2005/08/30 11:08:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2005/08/30 11:07:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2005/08/30 11:07:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2005/08/30 11:07:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2005/08/30 11:07:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2005/08/30 11:06:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2005/08/16 05:18:43 | 00,000,793 | ---- | C] () -- C:\WINDOWS\win.ini
    [2005/08/16 05:18:41 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
    [2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 15:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2005/07/28 13:47:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2005/06/21 15:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
    [2005/06/21 15:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
    [2005/06/21 15:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
    [2005/06/21 15:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
    [2005/06/21 15:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
    [2005/06/21 15:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
    [2005/06/21 15:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
    [2005/06/21 15:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
    [2005/06/21 15:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
    [2005/06/06 10:58:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/02/05 14:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll

    ========== LOP Check ==========

    [2006/03/15 17:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
    [2009/01/07 11:55:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
    [2006/09/21 17:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/09/19 19:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive
    [2008/11/22 13:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
    [2009/03/25 18:19:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/05/17 20:37:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    [2009/11/17 06:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/24 17:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2009/03/15 00:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2008/10/26 16:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/09/15 14:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/11 23:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/01/31 18:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\acccore
    [2009/11/17 01:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Auslogics
    [2009/01/15 16:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Corel
    [2006/03/04 15:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Corel Photo Album
    [2007/05/22 14:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Kensington
    [2009/04/15 17:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Laconic Software
    [2008/11/28 13:51:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Leadertech
    [2008/12/24 13:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\MSNInstaller
    [2009/02/20 18:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Red Kawa
    [2009/03/18 19:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Smith Micro
    [2009/03/23 07:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\TrueSwitch
    [2009/11/16 21:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\VSRevoGroup
    [2009/11/17 01:29:18 | 00,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 03:26:50 | 00,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/11/17 03:26:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========


    < End of report >
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Re: Still Infected With Malware?

    Hi Shane and welcome to Computer Help Forums!! :)

    A malware removal specialist will take charge of this thread and you should check back from time to time. Also it is great that you reviewed the request for the posting of logs and included them in your first post. That will go a long way toward speeding up the process.

    You used the word "still" in the title which indicates some attempt at removal. Can you give us a little background on the symptoms that you are getting? Thanks!
     
  3. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    Thank you for the welcome and I sure can tell what the symptoms are/were. My computer was moving very slowly and I was getting a lot of popups. My search machine is always Google but for some reason it kept changing to Ask and it took me to advertisement links instead of where I wanted to go. Most of that isn't happening anymore because I was up all night at my aunt's running scans and removing the malware it found. The computer is still very slow, not as bad as it was, and I am getting weird Internet Explorer errors. I almost forgot, it freezes and hangs up all of the time, still just as bad as it did.

    Thank you for helping me, I really do appreciate it.

    Shane
     
  4. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    This is a log from SAS complete scan.


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    Generated 11/17/2009 at 08:51 AM
    Application Version : 4.30.1004
    Core Rules Database Version : 4280
    Trace Rules Database Version: 2156
    Scan type : Complete Scan
    Total Scan Time : 01:10:54
    Memory items scanned : 558
    Memory threats detected : 0
    Registry items scanned : 6680
    Registry threats detected : 0
    File items scanned : 28002
    File threats detected : 17
    Adware.Tracking Cookie
    C:\Documents and Settings\Shane\Cookies\shane@atdmt[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@advertising[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@revsci[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@serving-sys[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@doubleclick[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@mediaplex[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@specificmedia[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@specificclick[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@a1.interclick[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@apmebf[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@collective-media[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@tribalfusion[2].txt
    C:\Documents and Settings\Shane\Cookies\shane@interclick[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Shane\Cookies\shane@bs.serving-sys[2].txt
    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1037\A0157113.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1037\A0157114.DLL
     
  5. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Re: Still Infected With Malware?

    Shane, our primary malware specialists are in the UK where it is presently about 2:30 in the afternoon. I would imagine that it will be a few hours before they get to this. That is not always the case but is the most likely.

    Often it is helpful when things that you post in the US before you retire will be answered when you wake up.
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Still Infected With Malware?

    Hi Shane,
    Sorry it took me awhile to get back to you, had the day off and have been chilling out.
    Ok, back to work mode now.

    MBAM and SAS have cleared up a lot.

    Thanks for the logs posted, although you forgot to post the 'Extras.txt' from Otl.
    It should be located on your 'Desktop'.

    I'm a little confused by the posted reports..... you have 'symantec' (Norton) showing in the processes and services.... but not showing in the startup section.

    Let's get a different report and see what that shows.

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      If running Vista, you may not see this screen
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    In your next reply, please submit:
    Combofix.txt
    and the Extras.txt from Otl (if you can locate it)

    There is stuff to be removed from the Otl log posted, but I'll wait until the Combofix.txt before sorting that out.

    Thanks.
     
  7. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    Thank you starbucks. Sorry about the missing extra text, it was confusing trying to remember all of the reports. I think (hope) this is the missing one?

    OTL Extras logfile created on: 11/17/2009 7:17:36 AM - Run 1
    OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Shane\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 330.58 Mb Available Physical Memory | 32.60% Memory free
    1.63 Gb Paging File | 0.93 Gb Available in Paging File | 56.67% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 19.97 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D50S1X81
    Current User Name: Shane
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0 -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0 -- File not found
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
    "C:\Program Files\Common Files\AOL\1139094048\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1139094048\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
    "C:\Program Files\Common Files\AOL\1139094048\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1139094048\ee\aim6.exe:*:Enabled:AIM -- File not found
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
    "C:\PROGRA~1\Yahoo!\MESSEN~1\Yserver.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "C:\Program Files\Common Files\AOL\1142973760\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1142973760\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
    "C:\Program Files\Common Files\AOL\1142973760\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1142973760\ee\aim6.exe:*:Enabled:AIM -- File not found
    "C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe" = C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire.exe" = C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
    "C:\Program Files\Piolet\Piolet.exe" = C:\Program Files\Piolet\Piolet.exe:*:Enabled:piolet -- File not found
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
    "C:\Documents and Settings\All Users\Documents\iTunes Music\LimeWire.exe" = C:\Documents and Settings\All Users\Documents\iTunes Music\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe" = C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\FrostWire\FrostWire.exe" = C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
    "F:\My Documents\My Music\iTunes\iTunes Music\FrostWire\FrostWire.exe" = F:\My Documents\My Music\iTunes\iTunes Music\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "F:\My Documents\LimeWire\LimeWire.exe" = F:\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
    "{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
    "{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3793F868-E53F-4A7F-A11A-F64CBFD2B887}" = SymNet
    "{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3E77E3E0-C999-11DB-6784-007590E818BE}" = CareScribble
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
    "{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
    "{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
    "{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
    "{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9757283E-3FCA-4F3D-9257-928859318E55}" = Microsoft Windows Theme Ontario
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F1B993AF-70F6-432F-9FA2-59E4DFB9CCE6}" = Dynex mini card reader
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync
    "{FE9BA992-FCAE-49E7-97F4-EF9D97DB67A3}" = Security Status
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "AFD653D92C0CA9E8F375124D6A0B19FFBA89B1D2" = Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)
    "AviSynth" = AviSynth 2.5
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Backyard Soccer MLS Edition" = Backyard Soccer MLS Edition
    "BREE5" = Brownstone Equation Editor 5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DosageCalcs" = Davis's Dosage Calculators for Nurses
    "EasyChange Powered by TrueSwitch" = EasyChange Powered by TrueSwitch
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ERUNT_is1" = ERUNT 1.1j
    "F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM" = F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM
    "GTRemote Client" = DellConnect
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "InstallShield_{F1B993AF-70F6-432F-9FA2-59E4DFB9CCE6}" = Dynex mini card reader
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "LG USB Drivers" = LG USB Drivers
    "Lippincott's Q&A Review for NCLEX-RN, 9th Edition" = Lippincott's Q&A Review for NCLEX-RN, 9th Edition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MedErrors" = Davis's Med Errors Self Test
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NCLEX-RN Review Made Incredibly Easy 3rd Edition" = NCLEX-RN Review Made Incredibly Easy 3rd Edition
    "Network Play System (Patching)" = Network Play System (Patching)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Phantasy Star Online Blue Burst_is1" = Phantasy Star Online Blue Burst 1.0
    "PharmDisk 2008" = PharmDisk 2008
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "QLU" = QLU
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
    "RealPlayer 6.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "Sony Digital Voice Editor 2" = Sony Digital Voice Editor 2
    "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
    "Tutor" = Tutor
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "VCast Music Essentials Manager" = V CAST Music Essentials Manager
    "Verizon Online DSL_is1" = Verizon Online DSL
    "Verizon Yahoo! Applications" = Verizon Yahoo! Applications
    "Videora iPod classic Converter" = Videora iPod classic Converter 4.06
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WoundCare" = Davis's Wound Care Tutorial
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "InstallShield_{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
    "InstallShield_{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/17/2009 5:34:17 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/17/2009 5:34:32 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 11/17/2009 5:53:05 AM | Computer Name = D50S1X81 | Source = MsiInstaller | ID = 11327
    Description = Product: Adobe Reader 9.2 -- Error 1327.Invalid Drive: F:\

    Error - 11/17/2009 6:28:06 AM | Computer Name = D50S1X81 | Source = MsiInstaller | ID = 11327
    Description = Product: Norton 360 -- Error 1327. Invalid Drive: F:\

    Error - 11/17/2009 6:28:07 AM | Computer Name = D50S1X81 | Source = MsiInstaller | ID = 11327
    Description = Product: Norton 360 -- Error 1327. Invalid Drive: F:\

    Error - 11/17/2009 6:57:10 AM | Computer Name = D50S1X81 | Source = MsiInstaller | ID = 11327
    Description = Product: J2SE Runtime Environment 5.0 Update 10 -- Error 1327.Invalid
    Drive: F:\

    Error - 11/17/2009 7:49:18 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/17/2009 7:49:19 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/17/2009 7:49:28 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1001
    Description = Fault bucket 734037209.

    Error - 11/17/2009 7:49:29 AM | Computer Name = D50S1X81 | Source = Application Hang | ID = 1001
    Description = Fault bucket 734037209.

    [ System Events ]
    Error - 11/17/2009 3:36:33 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 11/17/2009 4:08:26 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 11/17/2009 4:18:55 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7034
    Description = The Webroot Client Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 11/17/2009 4:18:56 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/17/2009 4:18:56 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/17/2009 4:18:56 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 11/17/2009 4:18:56 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7034
    Description = The Media Center Scheduler Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/17/2009 4:18:57 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/17/2009 4:22:02 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 11/17/2009 4:27:25 AM | Computer Name = D50S1X81 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2


    < End of report >

    I will work on the rest of your instructions immediately.
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: Still Infected With Malware?

    Hi Shane,

    Yep, that was the one.
    I'll wait for the Combofix.txt.

    In the meantime, these are old versions of Java and should be removed from your system:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 7

    Remove them and then reboot the system.

    Do not remove this Java entry:
    Java(TM) 6 Update 17
    It's the latest version.
     
  9. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    Sorry, I could have sworn that I posted the thing from Combofix. Anyways, here it is and I'll get right on the Java.
    Thanks, Shane


    ComboFix 09-11-18.04 - Shane 11/18/2009 0:32.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.504 [GMT -5:00]
    Running from: c:\documents and settings\Shane\Desktop\Combo-Fix.exe
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\jestertb.dll
    c:\windows\kb913800.exe
    c:\windows\MailSwitch.ocx
    .
    ((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
    .
    2009-11-18 04:40 . 2009-11-16 22:46 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\NAVENG.SYS
    2009-11-18 04:40 . 2009-11-16 22:46 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\NAVENG32.DLL
    2009-11-18 04:40 . 2009-11-16 22:46 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\NAVEX32A.DLL
    2009-11-18 04:40 . 2009-11-16 22:46 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\NAVEX15.SYS
    2009-11-18 04:40 . 2009-11-16 22:46 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\EECTRL.SYS
    2009-11-18 04:40 . 2009-11-16 22:46 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\CCERASER.DLL
    2009-11-18 04:40 . 2009-11-16 22:46 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\ECMSVR32.DLL
    2009-11-18 04:40 . 2009-11-16 22:46 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091117.034\ERASER.SYS
    2009-11-18 04:35 . 2009-11-18 04:35 -------- d-----w- c:\windows\LastGood
    2009-11-18 04:29 . 2009-11-17 14:18 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-11-17 17:22 . 2009-11-17 17:26 -------- d-----w- c:\documents and settings\Shane\Application Data\Tutor
    2009-11-17 14:45 . 2009-11-17 14:45 -------- d-----w- c:\program files\Norton Support
    2009-11-17 14:34 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
    2009-11-17 14:34 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
    2009-11-17 14:34 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
    2009-11-17 14:34 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
    2009-11-17 14:34 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
    2009-11-17 14:20 . 2009-11-17 14:18 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2009-11-17 14:18 . 2009-11-17 14:18 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-11-17 14:18 . 2009-11-17 14:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-11-17 14:18 . 2009-11-17 14:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-11-17 14:18 . 2009-11-17 14:18 -------- d-----w- c:\program files\Symantec
    2009-11-17 14:18 . 2009-11-17 14:18 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-11-17 14:18 . 2009-11-17 14:18 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-11-17 14:18 . 2009-11-17 14:18 771440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-11-17 14:16 . 2009-11-17 14:16 -------- d-----w- c:\windows\system32\drivers\N360
    2009-11-17 14:16 . 2009-11-17 14:17 -------- d-----w- c:\program files\Norton 360
    2009-11-17 13:44 . 2009-11-17 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
    2009-11-17 13:44 . 2009-11-17 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-11-17 13:43 . 2009-11-17 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-11-17 13:43 . 2009-11-17 13:43 -------- d-----w- c:\program files\NortonInstaller
    2009-11-17 13:36 . 2009-11-17 13:36 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\Symantec
    2009-11-17 11:41 . 2009-11-17 11:41 0 ----a-w- C:\settings.dat
    2009-11-17 10:19 . 2009-11-17 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-11-17 09:59 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-11-17 09:59 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-11-17 09:47 . 2009-11-17 09:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-11-17 09:46 . 2009-11-17 09:46 -------- d-----w- c:\program files\NOS
    2009-11-17 08:02 . 2009-11-17 08:03 -------- d-----w- c:\program files\ERUNT
    2009-11-17 08:01 . 2009-11-17 08:01 -------- d-----w- c:\documents and settings\Shane\Application Data\Malwarebytes
    2009-11-17 08:00 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-17 08:00 . 2009-11-17 08:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-17 08:00 . 2009-11-17 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-17 08:00 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-17 07:52 . 2009-11-17 07:52 -------- d-----w- C:\Inetpub
    2009-11-17 07:40 . 2009-11-17 07:40 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\PCHealth
    2009-11-17 07:38 . 2005-10-14 19:45 135168 ----a-w- c:\windows\system32\igfxres.dll
    2009-11-17 06:41 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
    2009-11-17 06:41 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-11-17 06:41 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
    2009-11-17 06:41 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
    2009-11-17 06:40 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
    2009-11-17 06:39 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-11-17 06:39 . 2009-04-02 04:02 604160 ------w- c:\windows\system32\dllcache\wmspdmod.dll
    2009-11-17 06:38 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-11-17 06:38 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2009-11-17 06:38 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2009-11-17 06:38 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
    2009-11-17 06:38 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-11-17 06:37 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
    2009-11-17 06:37 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
    2009-11-17 06:37 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
    2009-11-17 06:37 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-11-17 06:37 . 2009-07-14 04:43 10841088 ------w- c:\windows\system32\dllcache\wmp.dll
    2009-11-17 06:36 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
    2009-11-17 06:36 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2009-11-17 06:36 . 2009-05-07 15:32 345600 ------w- c:\windows\system32\dllcache\localspl.dll
    2009-11-17 06:27 . 2009-11-17 06:27 -------- d-----w- c:\documents and settings\Shane\Application Data\Auslogics
    2009-11-17 06:26 . 2009-11-17 06:26 -------- d-----w- c:\program files\Auslogics
    2009-11-17 04:25 . 2009-11-17 04:27 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-11-17 04:20 . 2009-11-17 04:21 -------- d-----w- C:\4d49826d1c3ed3d596c5f6a23aa1
    2009-11-17 04:13 . 2009-08-07 00:23 215904 ----a-w- c:\windows\system32\muweb.dll
    2009-11-17 04:13 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-11-17 04:13 . 2009-08-07 00:23 209624 ----a-w- c:\windows\system32\wuweb.dll
    2009-11-17 04:13 . 2009-08-07 00:23 209624 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2009-11-17 04:10 . 2009-11-18 04:48 -------- d-----w- C:\My Documents
    2009-11-17 02:38 . 2009-11-17 02:38 -------- d-----w- c:\documents and settings\Shane\Application Data\VSRevoGroup
    2009-11-17 02:36 . 2009-11-17 02:36 -------- d-----w- c:\program files\VS Revo Group
    2009-11-17 02:35 . 2009-11-17 02:35 117760 ----a-w- c:\documents and settings\Shane\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-17 02:32 . 2009-11-17 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-17 02:31 . 2009-11-17 02:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-11-17 02:31 . 2009-11-17 02:31 -------- d-----w- c:\documents and settings\Shane\Application Data\SUPERAntiSpyware.com
    2009-11-17 02:31 . 2009-11-17 02:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-17 02:24 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-11-17 02:24 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2009-11-11 20:45 . 2009-11-11 20:48 -------- d-----w- c:\program files\iTunes
    2009-11-11 20:14 . 2009-11-11 20:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-03 21:23 . 2009-11-17 10:18 152576 ----a-w- c:\documents and settings\Shane\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-18 04:28 . 2007-11-01 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-11-17 19:01 . 2009-05-19 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-17 17:54 . 2009-03-23 12:19 -------- d-----w- c:\program files\TrueSwitchComcast
    2009-11-17 17:41 . 2005-11-29 00:03 -------- d-----w- c:\program files\Java
    2009-11-17 17:28 . 2008-07-14 00:21 -------- d-----w- c:\program files\MINITAB 14 Student
    2009-11-17 14:22 . 2006-03-19 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-11-17 14:18 . 2009-11-17 14:18 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-11-17 14:18 . 2009-11-17 14:18 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-11-17 14:18 . 2008-01-29 16:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-11-17 14:18 . 2008-01-29 16:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2009-11-17 13:59 . 2006-03-19 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-11-17 13:55 . 2008-07-30 23:46 -------- d-----w- c:\documents and settings\Shane\Application Data\Symantec
    2009-11-17 11:38 . 2008-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2009-11-17 11:13 . 2007-03-20 23:47 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-17 09:53 . 2008-08-29 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-11-17 04:10 . 2005-12-10 23:02 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-11-17 04:10 . 2005-12-10 23:02 104 --sh--r- c:\windows\system32\76C18D1F6D.sys
    2009-11-17 03:48 . 2005-11-29 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2009-11-17 02:48 . 2006-10-13 23:30 -------- d-----w- c:\program files\Trend Micro
    2009-11-12 02:18 . 2005-12-03 19:59 -------- d-----w- c:\program files\Dl_cats
    2009-11-11 20:46 . 2005-12-25 14:30 -------- d-----w- c:\program files\iPod
    2009-11-11 20:46 . 2007-07-11 22:55 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-26 00:19 . 2009-09-11 22:09 38 ----a-w- c:\documents and settings\Shane\jagex_runescape_preferences.dat
    2009-10-26 00:14 . 2009-09-11 22:10 63 ----a-w- c:\documents and settings\Shane\jagex_runescape_preferences2.dat
    2009-10-17 18:00 . 2008-06-14 23:59 66560 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-10-11 09:17 . 2009-02-01 22:24 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-24 22:17 . 2006-03-04 21:59 -------- d-----w- c:\program files\Yahoo!
    2009-09-24 22:17 . 2006-03-10 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO
    2009-09-24 22:15 . 2006-03-10 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2009-09-24 22:07 . 2009-06-24 20:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-09-24 22:04 . 2009-01-12 03:44 -------- d-----w- c:\program files\ViStart
    2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-07 21:21 . 2009-09-07 21:21 152576 ----a-w- c:\documents and settings\Shane\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-28 23:42 . 2009-06-01 21:53 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 23:42 . 2007-11-21 01:33 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-03-27 20:29 . 2009-03-27 20:29 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^Lisa Forko^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Lisa Forko\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 5:27 PM 29808]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [11/17/2009 9:18 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [11/17/2009 9:18 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [11/17/2009 9:18 AM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/17/2009 9:34 AM 329592]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [11/17/2009 9:18 AM 117640]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [6/7/2009 6:33 PM 1205760]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/16/2009 5:46 PM 102448]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/16/2005 5:18 AM 14336]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/17/2007 9:20 PM 39048]
    S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [6/18/2009 4:14 PM 13225]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - MBR
    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
    2009-11-17 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2009-11-17 14:51]
    2009-11-18 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    - c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe [2009-11-17 14:51]
    2009-11-17 c:\windows\Tasks\wrSpySweeper_LE692466E3212481FA0BDAF3760308B9F.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-15 19:40]
    2009-11-17 c:\windows\Tasks\wrSpySweeper_LE692466E3212481FA0BDAF3760308B9F.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-10-15 19:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-18 00:42
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(948)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Shane\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    .
    Completion time: 2009-11-18 00:52
    ComboFix-quarantined-files.txt 2009-11-18 05:52
    Pre-Run: 24,196,706,304 bytes free
    Post-Run: 24,158,351,360 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" oexecute=optin /fastdetect
    - - End Of File - - 3B21C614C94F8CB59BCA0B078B7EB41A
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Still Infected With Malware?

    Thanks for that Shane,

    Can you let me have another report from OTL?
    This time you don't need to tick Purity and Lop.
    Just click on the Scan button.
    The Extras.txt won't be there when the report comes up.... we don't need it this time anyway.

    I've already made a list of what needs removing from your previous OTL report, but I want to compare it against a report after CF to see exactly what has changed.

    Thanks.
     
  11. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    Thank you, Starbucks! I uninstalled the older versions of Java as you wanted and here is the scan you requested from OTL.



    OTL logfile created on: 11/18/2009 6:50:45 PM - Run 2
    OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Shane\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 558.91 Mb Available Physical Memory | 55.12% Memory free
    1.63 Gb Paging File | 1.20 Gb Available in Paging File | 73.29% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 21.39 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D50S1X81
    Current User Name: Shane
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton 360\Engine\3.5.2.11\asOEHook.dll (Symantec Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys (Symantec Corporation)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (BHDrvx86) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091118.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091118.003\NAVENG.SYS (Symantec Corporation)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
    DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
    DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
    DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (sfsync02) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (ICDUSB2) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=5savg9gtnj78r
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 8B 75 4D 2D 67 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "AOL Search="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "Welcome to Facebook | Facebook"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledItems: splash@aldreneo.com:2.0.2
    FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:2.0.3
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
    FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:2
    FF - prefs.js..keyword.URL: "AOL Search="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\Lisa Forko\My Documents\REalplayer11\browserrecord
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 16:38:45 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 18:13:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 04:46:18 | 00,000,000 | ---D | M]

    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions
    [2008/08/26 17:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2009/11/15 18:38:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions
    [2009/02/02 19:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/23 20:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
    [2009/10/19 14:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\camifox@altmusictv.com
    [2009/10/19 14:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\chromifox@altmusictv.com
    [2009/10/19 14:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\savesession@noasobi.net
    [2009/10/23 20:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\splash@aldreneo.com
    [2008/07/09 15:25:27 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\aimsearch.xml
    [2009/01/15 09:24:26 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\conduit.xml
    [2009/11/18 18:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/06 23:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/03/13 16:39:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/11/03 16:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2009/11/06 23:34:45 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/11/06 23:34:47 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    [2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2009/11/06 23:34:56 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2008/06/11 21:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2008/02/24 20:05:56 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2008/02/24 20:10:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    [2008/02/24 20:05:20 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    [2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    [2009/11/06 09:19:24 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    [2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/11/17 09:20:12 | 00,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
    [2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB (TmHcmsX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258439391375 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258451344234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Security Packages - (EM) - File not found
    O30 - LSA: Security Packages - (HARED) - File not found
    O30 - LSA: Security Packages - (y) - File not found
    O30 - LSA: Security Packages - (Packages) - File not found
    O30 - LSA: Security Packages - (settings...) - File not found
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/18 18:48:17 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/18 17:35:27 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/18 00:30:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/11/18 00:29:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/11/18 00:29:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/11/18 00:29:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/11/18 00:29:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/11/18 00:28:53 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/11/17 13:13:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Shane\Recent
    [2009/11/17 12:22:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Tutor
    [2009/11/17 09:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
    [2009/11/17 09:20:36 | 00,000,000 | ---D | C] -- C:\My Documents\Symantec
    [2009/11/17 09:18:59 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2009/11/17 09:18:55 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2009/11/17 09:18:55 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2009/11/17 09:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2009/11/17 09:18:29 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
    [2009/11/17 09:18:29 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
    [2009/11/17 09:18:29 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
    [2009/11/17 09:18:29 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
    [2009/11/17 09:18:29 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
    [2009/11/17 09:18:29 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
    [2009/11/17 09:18:29 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
    [2009/11/17 09:18:29 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
    [2009/11/17 09:18:28 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
    [2009/11/17 09:18:27 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
    [2009/11/17 09:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2009/11/17 09:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
    [2009/11/17 09:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2009/11/17 08:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/11/17 08:44:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2009/11/17 08:43:32 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2009/11/17 08:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2009/11/17 08:36:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Symantec
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Videos
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Music
    [2009/11/17 05:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2009/11/17 04:59:30 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
    [2009/11/17 04:59:30 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
    [2009/11/17 04:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
    [2009/11/17 03:03:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/11/17 03:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/11/17 03:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Malwarebytes
    [2009/11/17 03:00:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/11/17 03:00:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/11/17 02:52:08 | 00,000,000 | ---D | C] -- C:\Inetpub
    [2009/11/17 02:40:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\PCHealth
    [2009/11/17 02:38:13 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2009/11/17 01:41:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
    [2009/11/17 01:41:01 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
    [2009/11/17 01:41:01 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
    [2009/11/17 01:41:00 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
    [2009/11/17 01:40:38 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
    [2009/11/17 01:39:53 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
    [2009/11/17 01:39:35 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
    [2009/11/17 01:38:47 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
    [2009/11/17 01:38:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
    [2009/11/17 01:38:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
    [2009/11/17 01:38:18 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
    [2009/11/17 01:38:07 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
    [2009/11/17 01:37:50 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
    [2009/11/17 01:37:49 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
    [2009/11/17 01:37:38 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
    [2009/11/17 01:37:32 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
    [2009/11/17 01:37:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
    [2009/11/17 01:37:04 | 10,841,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
    [2009/11/17 01:36:48 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
    [2009/11/17 01:36:29 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
    [2009/11/17 01:36:09 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
    [2009/11/17 01:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Auslogics
    [2009/11/17 01:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2009/11/16 23:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2009/11/16 23:20:53 | 00,000,000 | ---D | C] -- C:\4d49826d1c3ed3d596c5f6a23aa1
    [2009/11/16 23:13:40 | 00,215,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
    [2009/11/16 23:13:39 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2009/11/16 23:12:37 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2009/11/16 23:12:32 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2009/11/16 23:10:31 | 00,000,000 | ---D | C] -- C:\My Documents\My Pictures
    [2009/11/16 23:10:31 | 00,000,000 | ---D | C] -- C:\My Documents
    [2009/11/16 21:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\VSRevoGroup
    [2009/11/16 21:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2009/11/16 21:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/16 21:30:52 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
    [2009/11/11 15:45:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/11/03 16:36:07 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/11/03 16:36:06 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/03/27 15:29:21 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
    [2007/12/14 16:09:02 | 00,217,088 | ---- | C] ( ) -- C:\Documents and Settings\Shane\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
    [2007/08/09 15:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Shane\Local Settings\Application Data\stdole.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/11/18 18:48:20 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/18 18:45:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/18 18:44:21 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/18 18:44:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/11/18 18:44:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/11/18 18:44:13 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/18 18:43:03 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Shane\ntuser.dat
    [2009/11/18 18:43:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Shane\ntuser.ini
    [2009/11/18 17:35:30 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/18 17:15:54 | 00,501,568 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/11/18 17:15:54 | 00,437,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/11/18 17:15:54 | 00,076,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/11/18 16:49:10 | 01,586,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/18 14:26:27 | 00,000,793 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/11/18 14:26:27 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/11/18 14:26:27 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/11/18 10:34:59 | 00,638,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
    [2009/11/18 00:25:51 | 03,565,123 | R--- | M] () -- C:\Documents and Settings\Shane\Desktop\Combo-Fix.exe
    [2009/11/17 13:14:53 | 00,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 13:06:22 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\mcs.rma
    [2009/11/17 13:06:22 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\6248E5
    [2009/11/17 12:58:29 | 00,002,038 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\vba.ini
    [2009/11/17 09:18:57 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2009/11/17 09:18:55 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2009/11/17 09:18:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2009/11/17 09:18:54 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2009/11/17 09:18:54 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2009/11/17 09:18:31 | 00,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2009/11/17 09:18:29 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
    [2009/11/17 09:18:29 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
    [2009/11/17 09:18:29 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
    [2009/11/17 09:18:29 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
    [2009/11/17 09:18:29 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
    [2009/11/17 09:18:29 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
    [2009/11/17 09:18:29 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2009/11/17 09:18:29 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
    [2009/11/17 09:18:29 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
    [2009/11/17 09:18:28 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
    [2009/11/17 09:18:28 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
    [2009/11/17 09:18:27 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
    [2009/11/17 09:18:10 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2009/11/17 09:17:48 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
    [2009/11/17 09:17:48 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
    [2009/11/17 09:17:48 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
    [2009/11/17 09:17:47 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
    [2009/11/17 09:17:47 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
    [2009/11/17 09:17:47 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
    [2009/11/17 09:17:46 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
    [2009/11/17 09:17:46 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
    [2009/11/17 09:16:52 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
    [2009/11/17 09:16:52 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
    [2009/11/17 09:16:51 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
    [2009/11/17 09:16:51 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
    [2009/11/17 09:16:51 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
    [2009/11/17 09:16:50 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
    [2009/11/17 09:16:50 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
    [2009/11/17 06:41:47 | 00,000,000 | ---- | M] () -- C:\settings.dat
    [2009/11/17 03:25:49 | 07,864,320 | -H-- | M] () -- C:\Documents and Settings\Shane\ntuser.bak
    [2009/11/17 03:12:37 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/11/17 03:01:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 02:54:18 | 00,006,475 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/17 01:26:11 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 23:10:30 | 00,005,018 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/11/16 23:10:30 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2009/11/16 21:48:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/16 21:30:53 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/11/11 17:36:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/11/08 11:30:14 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/10/26 16:48:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/10/25 19:19:16 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences.dat
    [2009/10/25 19:14:26 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences2.dat
    [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2009/11/18 00:30:56 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/11/18 00:30:50 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/11/18 00:29:22 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/11/18 00:29:22 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/11/18 00:29:22 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/11/18 00:29:22 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/11/18 00:29:22 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/11/18 00:25:49 | 03,565,123 | R--- | C] () -- C:\Documents and Settings\Shane\Desktop\Combo-Fix.exe
    [2009/11/17 09:20:04 | 00,638,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
    [2009/11/17 09:18:57 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
    [2009/11/17 09:18:55 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2009/11/17 09:18:55 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2009/11/17 09:18:31 | 00,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2009/11/17 09:17:48 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
    [2009/11/17 09:17:48 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
    [2009/11/17 09:17:48 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
    [2009/11/17 09:17:47 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
    [2009/11/17 09:17:47 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
    [2009/11/17 09:17:47 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
    [2009/11/17 09:17:46 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
    [2009/11/17 09:17:46 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
    [2009/11/17 09:16:52 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
    [2009/11/17 09:16:52 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
    [2009/11/17 09:16:51 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
    [2009/11/17 09:16:51 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
    [2009/11/17 09:16:51 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
    [2009/11/17 09:16:50 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
    [2009/11/17 09:16:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
    [2009/11/17 06:41:47 | 00,000,000 | ---- | C] () -- C:\settings.dat
    [2009/11/17 03:01:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 01:29:18 | 00,000,566 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 01:29:13 | 00,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/17 01:26:10 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 21:48:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:56 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/11 15:48:47 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/05/23 13:37:03 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\6248E5
    [2009/05/23 13:37:02 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\mcs.rma
    [2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/03/28 10:47:36 | 01,575,170 | -H-- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\IconCache.db
    [2009/03/13 16:40:52 | 00,000,482 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2008/07/09 20:09:20 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/15 21:30:16 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/04/21 18:26:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/04/08 19:23:12 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
    [2008/03/18 14:59:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
    [2008/02/26 22:03:10 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/07/20 11:48:28 | 00,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
    [2007/06/13 17:41:18 | 00,595,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2007/06/13 17:41:09 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
    [2007/04/15 15:14:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
    [2007/04/11 13:46:33 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/01/17 21:35:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2007/01/17 21:20:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2007/01/17 21:20:27 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2007/01/17 21:20:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2006/11/17 23:35:53 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/11/17 23:35:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/14 21:05:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/10/14 21:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/03/20 09:27:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/03/19 12:52:46 | 00,005,664 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    [2006/03/19 12:30:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/03/10 20:45:47 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/04 15:25:29 | 00,080,472 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/12/10 18:02:04 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/12/10 18:02:04 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2005/12/04 16:34:13 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JPR.{PB
    [2005/12/04 16:34:13 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JCM.{PB
    [2005/12/04 16:20:21 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2005/12/03 18:06:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Shane\Application Data\desktop.ini
    [2005/12/03 18:06:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\fusioncache.dat
    [2005/12/03 16:21:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2005/11/28 19:23:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/28 19:13:03 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/28 19:11:58 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\MFC71.DLL
    [2005/11/28 18:43:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/30 11:08:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2005/08/30 11:08:46 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2005/08/30 11:08:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2005/08/30 11:07:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2005/08/30 11:07:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2005/08/30 11:07:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2005/08/30 11:07:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2005/08/30 11:06:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2005/08/16 05:18:43 | 00,000,793 | ---- | C] () -- C:\WINDOWS\win.ini
    [2005/08/16 05:18:41 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
    [2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 15:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2005/07/28 13:47:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2005/06/21 15:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
    [2005/06/21 15:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
    [2005/06/21 15:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
    [2005/06/21 15:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
    [2005/06/21 15:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
    [2005/06/21 15:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
    [2005/06/21 15:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
    [2005/06/21 15:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
    [2005/06/21 15:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
    [2005/06/06 10:58:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/02/05 14:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
    < End of report >
     
  12. Shane-S

    Shane-S Junior Member

    Re: Still Infected With Malware?

    Thank you, Starbucks! I uninstalled the older versions of Java as you wanted and here is the scan you requested from OTL.



    OTL logfile created on: 11/18/2009 6:50:45 PM - Run 2
    OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Shane\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.07 Mb Total Physical Memory | 558.91 Mb Available Physical Memory | 55.12% Memory free
    1.63 Gb Paging File | 1.20 Gb Available in Paging File | 73.29% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 21.39 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D50S1X81
    Current User Name: Shane
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (Auslogics)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Shane\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton 360\Engine\3.5.2.11\asOEHook.dll (Symantec Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
    SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
    SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
    SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
    SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys (Symantec Corporation)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (BHDrvx86) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091118.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091118.003\NAVENG.SYS (Symantec Corporation)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
    DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
    DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
    DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (sfsync02) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (ICDUSB2) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=5savg9gtnj78r
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 8B 75 4D 2D 67 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "AOL Search="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "Welcome to Facebook | Facebook"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledItems: splash@aldreneo.com:2.0.2
    FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:2.0.3
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
    FF - prefs.js..extensions.enabledItems: {BF32D2C8-9C75-404b-ACF4-880DB4679236}:2
    FF - prefs.js..keyword.URL: "AOL Search="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\Lisa Forko\My Documents\REalplayer11\browserrecord
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 16:38:45 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 18:13:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 04:46:18 | 00,000,000 | ---D | M]

    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions
    [2008/08/26 17:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/02/23 20:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2009/11/15 18:38:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions
    [2009/02/02 19:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/23 20:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
    [2009/10/19 14:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\camifox@altmusictv.com
    [2009/10/19 14:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\chromifox@altmusictv.com
    [2009/10/19 14:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\savesession@noasobi.net
    [2009/10/23 20:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\extensions\splash@aldreneo.com
    [2008/07/09 15:25:27 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\aimsearch.xml
    [2009/01/15 09:24:26 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\mqz9e726.default\searchplugins\conduit.xml
    [2009/11/18 18:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/06 23:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/03/13 16:39:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/11/03 16:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2009/11/06 23:34:45 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/11/06 23:34:47 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    [2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2009/11/06 23:34:56 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2008/06/11 21:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2008/02/24 20:05:56 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2009/03/15 00:16:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2009/03/15 00:16:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2008/02/24 20:10:52 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    [2008/02/24 20:05:20 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    [2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    [2009/11/06 09:19:24 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    [2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/11/17 09:20:12 | 00,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
    [2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB (TmHcmsX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258439391375 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258451344234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Security Packages - (EM) - File not found
    O30 - LSA: Security Packages - (HARED) - File not found
    O30 - LSA: Security Packages - (y) - File not found
    O30 - LSA: Security Packages - (Packages) - File not found
    O30 - LSA: Security Packages - (settings...) - File not found
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/18 18:48:17 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/18 17:35:27 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/18 00:30:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/11/18 00:29:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/11/18 00:29:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/11/18 00:29:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/11/18 00:29:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/11/18 00:28:53 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/11/17 13:13:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Shane\Recent
    [2009/11/17 12:22:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Tutor
    [2009/11/17 09:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
    [2009/11/17 09:20:36 | 00,000,000 | ---D | C] -- C:\My Documents\Symantec
    [2009/11/17 09:18:59 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2009/11/17 09:18:55 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2009/11/17 09:18:55 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2009/11/17 09:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2009/11/17 09:18:29 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
    [2009/11/17 09:18:29 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
    [2009/11/17 09:18:29 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
    [2009/11/17 09:18:29 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
    [2009/11/17 09:18:29 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
    [2009/11/17 09:18:29 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
    [2009/11/17 09:18:29 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
    [2009/11/17 09:18:29 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
    [2009/11/17 09:18:28 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
    [2009/11/17 09:18:27 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
    [2009/11/17 09:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2009/11/17 09:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
    [2009/11/17 09:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2009/11/17 08:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/11/17 08:44:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2009/11/17 08:43:32 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2009/11/17 08:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2009/11/17 08:36:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Symantec
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Videos
    [2009/11/17 05:34:39 | 00,000,000 | --SD | C] -- C:\My Documents\My Music
    [2009/11/17 05:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2009/11/17 04:59:30 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
    [2009/11/17 04:59:30 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
    [2009/11/17 04:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
    [2009/11/17 03:03:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/11/17 03:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/11/17 03:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Malwarebytes
    [2009/11/17 03:00:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/11/17 03:00:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/11/17 03:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/11/17 02:52:08 | 00,000,000 | ---D | C] -- C:\Inetpub
    [2009/11/17 02:40:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\PCHealth
    [2009/11/17 02:38:13 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2009/11/17 01:41:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
    [2009/11/17 01:41:01 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
    [2009/11/17 01:41:01 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
    [2009/11/17 01:41:00 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
    [2009/11/17 01:40:38 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
    [2009/11/17 01:39:53 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
    [2009/11/17 01:39:35 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
    [2009/11/17 01:38:47 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
    [2009/11/17 01:38:32 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
    [2009/11/17 01:38:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
    [2009/11/17 01:38:18 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
    [2009/11/17 01:38:07 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
    [2009/11/17 01:37:50 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
    [2009/11/17 01:37:49 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
    [2009/11/17 01:37:38 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
    [2009/11/17 01:37:32 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
    [2009/11/17 01:37:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
    [2009/11/17 01:37:04 | 10,841,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
    [2009/11/17 01:36:48 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
    [2009/11/17 01:36:29 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
    [2009/11/17 01:36:09 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
    [2009/11/17 01:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Auslogics
    [2009/11/17 01:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2009/11/16 23:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2009/11/16 23:20:53 | 00,000,000 | ---D | C] -- C:\4d49826d1c3ed3d596c5f6a23aa1
    [2009/11/16 23:13:40 | 00,215,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
    [2009/11/16 23:13:39 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
    [2009/11/16 23:13:36 | 00,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2009/11/16 23:12:37 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2009/11/16 23:12:37 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2009/11/16 23:12:35 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
    [2009/11/16 23:12:33 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
    [2009/11/16 23:12:33 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2009/11/16 23:12:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
    [2009/11/16 23:12:32 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2009/11/16 23:12:32 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2009/11/16 23:12:25 | 00,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2009/11/16 23:10:31 | 00,000,000 | ---D | C] -- C:\My Documents\My Pictures
    [2009/11/16 23:10:31 | 00,000,000 | ---D | C] -- C:\My Documents
    [2009/11/16 21:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\VSRevoGroup
    [2009/11/16 21:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2009/11/16 21:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/11/16 21:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
    [2009/11/16 21:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/16 21:30:52 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
    [2009/11/16 21:24:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
    [2009/11/11 15:45:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/11/03 16:36:07 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/11/03 16:36:06 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/11/03 16:36:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/03/27 15:29:21 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
    [2007/12/14 16:09:02 | 00,217,088 | ---- | C] ( ) -- C:\Documents and Settings\Shane\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
    [2007/08/09 15:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Shane\Local Settings\Application Data\stdole.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/11/18 18:48:20 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
    [2009/11/18 18:45:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/18 18:44:21 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/18 18:44:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/11/18 18:44:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/11/18 18:44:13 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/18 18:43:03 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Shane\ntuser.dat
    [2009/11/18 18:43:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Shane\ntuser.ini
    [2009/11/18 17:35:30 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\TFC.exe
    [2009/11/18 17:15:54 | 00,501,568 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/11/18 17:15:54 | 00,437,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/11/18 17:15:54 | 00,076,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/11/18 16:49:10 | 01,586,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/18 14:26:27 | 00,000,793 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/11/18 14:26:27 | 00,000,279 | RHS- | M] () -- C:\boot.ini
    [2009/11/18 14:26:27 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/11/18 10:34:59 | 00,638,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
    [2009/11/18 00:25:51 | 03,565,123 | R--- | M] () -- C:\Documents and Settings\Shane\Desktop\Combo-Fix.exe
    [2009/11/17 13:14:53 | 00,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 13:06:22 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\mcs.rma
    [2009/11/17 13:06:22 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\6248E5
    [2009/11/17 12:58:29 | 00,002,038 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\vba.ini
    [2009/11/17 09:18:57 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2009/11/17 09:18:55 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2009/11/17 09:18:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2009/11/17 09:18:54 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2009/11/17 09:18:54 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2009/11/17 09:18:31 | 00,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2009/11/17 09:18:29 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
    [2009/11/17 09:18:29 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
    [2009/11/17 09:18:29 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
    [2009/11/17 09:18:29 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
    [2009/11/17 09:18:29 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
    [2009/11/17 09:18:29 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
    [2009/11/17 09:18:29 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
    [2009/11/17 09:18:29 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
    [2009/11/17 09:18:29 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
    [2009/11/17 09:18:28 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
    [2009/11/17 09:18:28 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
    [2009/11/17 09:18:27 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
    [2009/11/17 09:18:10 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2009/11/17 09:17:48 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
    [2009/11/17 09:17:48 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
    [2009/11/17 09:17:48 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
    [2009/11/17 09:17:47 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
    [2009/11/17 09:17:47 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
    [2009/11/17 09:17:47 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
    [2009/11/17 09:17:46 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
    [2009/11/17 09:17:46 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
    [2009/11/17 09:16:52 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
    [2009/11/17 09:16:52 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
    [2009/11/17 09:16:51 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
    [2009/11/17 09:16:51 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
    [2009/11/17 09:16:51 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
    [2009/11/17 09:16:50 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
    [2009/11/17 09:16:50 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
    [2009/11/17 06:41:47 | 00,000,000 | ---- | M] () -- C:\settings.dat
    [2009/11/17 03:25:49 | 07,864,320 | -H-- | M] () -- C:\Documents and Settings\Shane\ntuser.bak
    [2009/11/17 03:12:37 | 00,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/11/17 03:01:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 02:54:18 | 00,006,475 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/11/17 01:26:11 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 23:10:30 | 00,005,018 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/11/16 23:10:30 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2009/11/16 21:48:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/16 21:30:53 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Shane\Desktop\ATF-Cleaner.exe
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/11/11 17:36:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/11/08 11:30:14 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/10/26 16:48:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/10/25 19:19:16 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences.dat
    [2009/10/25 19:14:26 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Shane\jagex_runescape_preferences2.dat
    [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2009/11/18 00:30:56 | 00,000,209 | ---- | C] () -- C:\Boot.bak
    [2009/11/18 00:30:50 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/11/18 00:29:22 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/11/18 00:29:22 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/11/18 00:29:22 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/11/18 00:29:22 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/11/18 00:29:22 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/11/18 00:25:49 | 03,565,123 | R--- | C] () -- C:\Documents and Settings\Shane\Desktop\Combo-Fix.exe
    [2009/11/17 09:20:04 | 00,638,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
    [2009/11/17 09:18:57 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
    [2009/11/17 09:18:55 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2009/11/17 09:18:55 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2009/11/17 09:18:31 | 00,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2009/11/17 09:17:48 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
    [2009/11/17 09:17:48 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
    [2009/11/17 09:17:48 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
    [2009/11/17 09:17:47 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
    [2009/11/17 09:17:47 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
    [2009/11/17 09:17:47 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
    [2009/11/17 09:17:46 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
    [2009/11/17 09:17:46 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
    [2009/11/17 09:16:52 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
    [2009/11/17 09:16:52 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
    [2009/11/17 09:16:51 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
    [2009/11/17 09:16:51 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
    [2009/11/17 09:16:51 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
    [2009/11/17 09:16:50 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
    [2009/11/17 09:16:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
    [2009/11/17 06:41:47 | 00,000,000 | ---- | C] () -- C:\settings.dat
    [2009/11/17 03:01:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/17 01:29:18 | 00,000,566 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    [2009/11/17 01:29:13 | 00,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
    [2009/11/17 01:26:10 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Auslogics Disk Defrag.lnk
    [2009/11/16 21:48:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\HijackThis.lnk
    [2009/11/16 21:36:24 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Revo Uninstaller.lnk
    [2009/11/16 21:31:56 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2009/11/11 15:48:47 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/05/23 13:37:03 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\6248E5
    [2009/05/23 13:37:02 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\mcs.rma
    [2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2009/03/28 10:47:36 | 01,575,170 | -H-- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\IconCache.db
    [2009/03/13 16:40:52 | 00,000,482 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2008/07/09 20:09:20 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/15 21:30:16 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/04/21 18:26:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/04/08 19:23:12 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
    [2008/03/18 14:59:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
    [2008/02/26 22:03:10 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/07/20 11:48:28 | 00,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
    [2007/06/13 17:41:18 | 00,595,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2007/06/13 17:41:09 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
    [2007/04/15 15:14:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
    [2007/04/11 13:46:33 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/01/17 21:35:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2007/01/17 21:20:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2007/01/17 21:20:27 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2007/01/17 21:20:27 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2006/11/17 23:35:53 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/11/17 23:35:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/14 21:05:15 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/10/14 21:05:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/03/20 09:27:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/03/19 12:52:46 | 00,005,664 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    [2006/03/19 12:30:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/03/10 20:45:47 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/04 15:25:29 | 00,080,472 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2005/12/10 18:02:04 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/12/10 18:02:04 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\76C18D1F6D.sys
    [2005/12/04 16:34:13 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JPR.{PB
    [2005/12/04 16:34:13 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\PFP120JCM.{PB
    [2005/12/04 16:20:21 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2005/12/03 18:06:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Shane\Application Data\desktop.ini
    [2005/12/03 18:06:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\fusioncache.dat
    [2005/12/03 16:21:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2005/11/28 19:23:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/28 19:13:03 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/28 19:11:58 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\MFC71.DLL
    [2005/11/28 18:43:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/30 11:08:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2005/08/30 11:08:46 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2005/08/30 11:08:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2005/08/30 11:07:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2005/08/30 11:07:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2005/08/30 11:07:34 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2005/08/30 11:07:32 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2005/08/30 11:06:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 05:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2005/08/16 05:18:43 | 00,000,793 | ---- | C] () -- C:\WINDOWS\win.ini
    [2005/08/16 05:18:41 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
    [2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 15:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
    [2005/07/28 13:47:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2005/06/21 15:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
    [2005/06/21 15:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
    [2005/06/21 15:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
    [2005/06/21 15:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
    [2005/06/21 15:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
    [2005/06/21 15:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
    [2005/06/21 15:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
    [2005/06/21 15:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
    [2005/06/21 15:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
    [2005/06/06 10:58:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/02/05 14:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
    < End of report >
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: Still Infected With Malware?

    Hi Shane,

    Combofix cleared a few entries I was going to remove, so a bit less for the fix.
    You have a lot of removed programs that are still in the 'Firewall Policies', so we'll clear these from the registry at the same time.

    Step 1
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/.../installer.exe (Reg Error: Key error.)
    [2009/11/08 11:30:14 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" =- 
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" =- 
    "C:\Program Files\America Online 9.0\waol.exe" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" =- 
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" =- 
    "C:\Program Files\America Online 9.0\waol.exe" =- 
    "C:\Program Files\LimeWire\LimeWire.exe" =- 
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" =-
    "C:\Program Files\Common Files\AOL\1139094048\ee\aolsoftware.exe" =-
    "C:\Program Files\Common Files\AOL\1139094048\ee\aim6.exe" =-
    "C:\Program Files\Yahoo!\Messenger\YPager.exe" =- 
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" =- 
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" =- 
    "C:\PROGRA~1\Yahoo!\MESSEN~1\Yserver.exe" =- 
    "C:\Program Files\Common Files\AOL\1142973760\ee\aolsoftware.exe" =- 
    "C:\Program Files\Common Files\AOL\1142973760\ee\aim6.exe" =- 
    "C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe" =- 
    "C:\Documents and Settings\Lisa Forko\My Documents\My Music\iTunes\iTunes Music\LimeWire.exe" =- 
    "C:\Program Files\Piolet\Piolet.exe" =-
    "C:\Program Files\AIM6\aim6.exe" =-
    "C:\Documents and Settings\All Users\Documents\iTunes Music\LimeWire.exe" =-
    "C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\LimeWire\LimeWire.exe" =-
    "C:\Documents and Settings\Shane\My Documents\My Music\iTunes\iTunes Music\FrostWire\FrostWire.exe" =-
    "C:\Program Files\uTorrent\uTorrent.exe" =-
    "F:\My Documents\LimeWire\LimeWire.exe" =-
    "C:\Program Files\BitTorrent\bittorrent.exe" =-
    
    :commands
    [emptytemp]
    [purity]
    [start explorer]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 2
    Please run a BitDefender Online Scan
    • Click I Agree to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click Click here to scan to begin the scan.
    • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
    • When the scan is finished, click on Click here to export the scan results.
    • Save the report to your desktop so you can post it in your next reply.
    Note: You will need to use Internet Explorer for this scan.

    In your next reply, please submit:
    Otl report that comes up after the fix
    BitDefender scan report

    Also let me know how the system is running after the Otl fix.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
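The check behind the `:reg` block in Step 1, as an added example (not part of the original post and not OTL's own code): it reads a regedit-style export of the firewall `AuthorizedApplications\List` keys and lists exceptions whose program is no longer on disk. The export text, the `installed` set and all function names are constructed for illustration, and the deletion lines it prints use .reg-file syntax (`"name"=-`).

```python
import os
import re

# Constructed sample: regedit-style export of the Windows XP firewall exception
# list. Value name = program path, value data = path:scope:state:label.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:uTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
DATA_RE = re.compile(r'^.+?:(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$', re.I)
PROFILE_RE = re.compile(r'\\FirewallPolicy\\(?P<profile>[^\\]+)\\AuthorizedApplications\\List$', re.I)


def _unescape(s):
    # .reg exports double every backslash and escape quotes inside strings.
    return re.sub(r'\\(.)', r'\1', s)


def _expand(path, env):
    # Expand %VAR% references case-insensitively; unknown variables are left as-is.
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r'%([^%]+)%', lambda m: upper.get(m.group(1).upper(), m.group(0)), path)


def parse_authorized_apps(reg_text):
    """Return one dict per firewall exception found in the export."""
    entries, key, profile = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            p = PROFILE_RE.search(key)
            profile = p.group('profile') if p else None
            continue
        m = VALUE_RE.match(line)
        if not (m and profile):
            continue  # not a string value under an AuthorizedApplications list
        d = DATA_RE.match(_unescape(m.group('data')))
        entries.append({
            'key': key,
            'profile': profile,
            'program': _unescape(m.group('name')),
            'enabled': bool(d) and d.group('state').lower() == 'enabled',
            'label': d.group('label') if d else '',
        })
    return entries


def stale_exceptions(reg_text, exists=os.path.exists, env=os.environ):
    """Exceptions whose program file is gone (the uninstalled software case)."""
    return [e for e in parse_authorized_apps(reg_text)
            if not exists(_expand(e['program'], env))]


def deletion_block(stale):
    """Render stale entries as .reg-file value deletions, grouped by key."""
    out, last_key = [], None
    for e in stale:
        if e['key'] != last_key:
            out.append('[%s]' % e['key'])
            last_key = e['key']
        name = e['program'].replace('\\', '\\\\').replace('"', '\\"')
        out.append('"%s"=-' % name)
    return '\n'.join(out)


if __name__ == '__main__':
    # Constructed stand-in for the file system: only these programs still exist.
    installed = {r'C:\Program Files\iTunes\iTunes.exe', r'C:\WINDOWS\system32\sessmgr.exe'}
    stale = stale_exceptions(SAMPLE_EXPORT, exists=installed.__contains__,
                             env={'windir': r'C:\WINDOWS'})
    for e in stale:
        state = 'ENABLED' if e['enabled'] else 'disabled'
        print('%-16s %-8s %s' % (e['profile'], state, e['program']))
    print(deletion_block(stale))
```

An entry that is both stale and enabled is the one to clear first: the exception is keyed on the path, not on the file that used to live there.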
  14. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,543
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Re: Still Infected With Malware?

    Hi Pete,

    Apparently Shane's computer has been overheating and shutting down most of the day. He heard a couple of pops this evening and when I took a look at the mainboard I saw that he has two blown capacitors. It doesn't look as if he can continue.

    Thank you for helping him, I believe it was a good experience as well as a hard lesson learned.
     
  15. starbuck

    Re: Still Infected With Malware?

    Many thanks for informing me of the situation Cindy,
    It seems that this would have happened if there was malware or not.
    It's just something beyond anyone's control.
    I don't suppose there's any chance that the system is still under warranty?
    If not, I should think Shane has an aunt somewhere that will help him out. :)
     
  16. allheart55 (Cindy E)

    Re: Still Infected With Malware?

    Hi Pete,

    This is a 2005 Dell Media Center Edition and he has had quite a few hardware problems with this model. I have already replaced the mobo twice while it was still under warranty. This is #3 motherboard gone bad. Oh well, it happens....:eek: Thanks again for helping my nephew out, he is now fascinated with the whole malware removal procedure.
     
  17. starbuck

    Re: Still Infected With Malware?

    As there may well be other members that are fascinated by the procedure,
    I'll post some links that may help you.
    Entry to training schools is free (but you will be expected to work lol)
    Training is given at some of the top security sites (in hidden rooms) and experience isn't always needed.... just a willingness to learn.

    Here are the links to the top 3 schools:

    Would you like to learn to fight malware?

    MalWare Removal • View topic - Malware Removal University - Now Open

    Malware Removal Training Program

    The amount of time it takes to graduate is entirely down to the individual member.
    But graduation at one of the above schools will be recognised on any forum/site.

    If you do decide to take up the challenge, I wish you well.
    It's a very fulfilling challenge to take up.
     
